Since the beginning of this pandemic, we have witnessed a significant change in consumer spending patterns and how payments are made. There is now significant data that points to an explosion in the use of contactless, digital and non-cash payments.
The credit union sector in Ireland is well-versed in transacting using digital means. Most credit unions offer an online transaction service through a hosted platform which is managed and controlled by a specialist service provider. CUSOP is an independent company operated by The Irish League of Credit Unions and individual credit unions that provides participating credit unions with an electronic payments service. Since its establishment in 2013, CUSOP has been adopted by over half of the credit unions in the Republic.
The European Commission has also established common rules for electronic and non-cash payments. Their payment services directives (PSD 1 & PSD 2) include provisions to ensure increased security and standards for payments throughout the European Union.
Since March 2020, the increased volume of faceless transactions has resulted in heightened challenges for traditional regulated business such as credit unions. Fraudsters are becoming more sophisticated in their approach and can exploit the fact that not all regulated businesses will have the scale and resources to adapt at the same pace. As the fraudster innovates and devises new methods of obtaining personal data, the risk to transactional fraud increases for each credit union.
A recent example of new frauds arising from the pandemic is a text message from a number purporting to be the HSE, asking consumers for details in relation to their vaccination appointment. The message itself is looking to obtain a person’s PPS number, date of birth and home address. Each piece of personal data lost to a fraudster increases their ability to commit fraud and heightens the risk for individual credit unions.
Structurally, a credit union is a financial co-operative based on a common bond, governed by its members who elect a volunteer board. As a result, they can often be less adaptive and may not have the resources available to protect against fraud compared to, for example, a pillar bank who can dedicate significant financial and human capital to risk management processes that address fraud detection and prevention.
With the heightened risk of fraud, it’s worth reminding each credit union board of their responsibility to protect member funds through revisiting the risk management cycles, namely:
A credit union board and management should consider the adequacy of fraud detection and prevention:
Here are some practical actions boards can take:
Crowe has over 20 years’ experience working with credit unions. We understand the sector and the increasing challenges credit union board members face with regulatory and reporting requirements. If you require any assistance, contact a member of our dedicated credit union team.
Find out more about our dedicated credit union team and the services we offer.